<header>Trust level for proxy headers</header>

Use this setting to determine whether Webmin should trust headers from a proxy
to identify the user’s IP address and SSL certificate:
<ul>
        <li>No, do not trust any headers from the proxy.</li>

        <li>Yes, trust the remote IP address provided by proxies. If enabled,
        Webmin will use a header provided by a proxy to determine the browser's
        real IP address for logging and access control purposes, such as
        <tt>X-Forwarded-For</tt> or <tt>X-Real-IP</tt>. This should
        <em>only</em> be enabled when your Webmin system is behind a proxy, and
        there is no direct access from clients; otherwise, a fake header could
        be sent to bypass IP access control restrictions.</li>

        <li>Yes, trust both the remote IP and SSL certificate provided by
        proxies. If enabled, Webmin will use a header provided by a proxy to
        determine the user's client SSL certificate for authentication purposes,
        such as <tt>X-SSL-Client-DN</tt>. This should <em>only</em> be enabled
        when your Webmin system is behind a proxy, and there is no direct access
        from clients; otherwise, a fake header could be sent to log in as a
        different user.</li>
</ul>
<p></p>